freeCodeCamp/api-server/server/middlewares/csurf.js

import csurf from 'csurf';

export default function() {
  const protection = csurf(
    {
      cookie: {
        domain: process.env.COOKIE_DOMAIN || 'localhost'
      }
    }
  );
  return function csrf(req, res, next) {

    const path = req.path.split('/')[1];
    if (/(^api$|^external$|^internal$|^p$)/.test(path)) {
      return next();
    }
    return protection(req, res, next);
  };
}
Add csrf protection 2016-05-02 17:22:56 -07:00			`import csurf from 'csurf';`

			`export default function() {`
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 21:10:56 +01:00			`const protection = csurf(`
			`{`
			`cookie: {`
			`domain: process.env.COOKIE_DOMAIN \|\| 'localhost'`
			`}`
			`}`
			`);`
Remove csrf from api calls 2016-05-02 21:11:49 -07:00			`return function csrf(req, res, next) {`
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 21:10:56 +01:00
Remove csrf from api calls 2016-05-02 21:11:49 -07:00			`const path = req.path.split('/')[1];`
fix(api): Use /internal for API entry 2018-08-29 20:52:41 +01:00			`if (/(^api$\|^external$\|^internal$\|^p$)/.test(path)) {`
Remove csrf from api calls 2016-05-02 21:11:49 -07:00			`return next();`
			`}`
			`return protection(req, res, next);`
			`};`
Add csrf protection 2016-05-02 17:22:56 -07:00			`}`